> I would not advise anyone to hold their breath waiting on a concensus on
> a convention, but coming up with a useful convention for digital
> signature and encryption varies from easy to reasonably difficult,
> depending on your requirements.
Balkanized islands of security? Seems like a big step backward. If the
folks in Redmond did this, people would be all over Dare&Co for trying
to kill the open secure WS stuff that they and IBM have been touting for
years.
The security ship has sailed, and you'll never got those genii's back in
a bottle, or a con-call. (Gaak, I sound like Len)
Point solutions are possible, but political and interop reasons will
make everyone just fall back to angle brackets. XML DSIG and Encryption
are frozen -- just try to get W3C to create new WG's for Infoset-based
approach. (Yes, those groups are gone and closed, so you have to start
from scratch. Wise Man, Joseph...) By follow-on, anything that depends
on XML cryptography -- WS-Security et alia -- are similarly frozen to
the XML 1.x serializations. Feel free to disagree; the only possible
answer is "we'll see."
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html